[sslh] Feature request

Yves Rutschle yves at rutschle.net
Mon Mar 16 16:50:01 CET 2015


Hello again,

On Sat, Mar 07, 2015 at 12:53:14PM +0100, dajomas at gmail.com wrote:
> The following DNS entries point to the server that runs sslh:
>  ssh.domain1.net
>  email.domain1.net
>  email.domain2.net
> 
> Now I want to have the following redirections:
> 
> ssh ssh.domain1.net -> ssh.internal.net:22
> https://email.domain1.net -> mail1.internal.net:443
> https://email.domain2.net -> mail2.internal.net:443
> 
> Would that be a possible feature or are there other tools to do this? (I
> did try Apache proxy-ing but I might have done that wrong somehow, maybe I
> got the HTTPS configuration wrong)

So, turns out SNI looks a bit complicated, and in fact there
is another tool that does just what you want (in combination
with sslh): sniproxy (https://github.com/dlundquist/sniproxy).

You should be able to use sslh to separate ssh from TLS,
direct TLS to sniproxy, and have sniproxy forward to the
appropriate hosts:


---> sslh ---(ssh)---> ssh.internal.net:22
      \--(tls)--> sniproxy --> mail1.internal.net:443
                        \----> mail2.internal.net:443

Integrating SNI to sslh is essentially the same as
re-implementing sniproxy, so I don't guess that's desirable :-)

Cheers,
Y.


